4.2.2 Key related options

--recipient name

-r

Encrypt for user id name. If this option or
--hidden-recipient is not specified, GnuPG asks for the user-id
unless --default-recipient is given.

--hidden-recipient name

-R

Encrypt for user ID name, but hide the key ID of this user’s
key. This option helps to hide the receiver of the message and is a
limited countermeasure against traffic analysis. If this option or
--recipient is not specified, GnuPG asks for the user ID unless
--default-recipient is given.

--encrypt-to name

Same as --recipient but this one is intended for use in the
options file and may be used with your own user ID as an
"encrypt-to-self". These keys are only used when there are other
recipients given, either by use of --recipient or by the user ID
GnuPG asked for. No trust checking is performed for these user IDs and
even disabled keys can be used.

--hidden-encrypt-to name

Same as --hidden-recipient but this one is intended for use in the
options file and may be used with your own user ID as a hidden
"encrypt-to-self". These keys are only used when there are other
recipients given, either by use of --recipient or by the user ID
GnuPG asked for. No trust checking is performed for these user IDs and
even disabled keys can be used.

--no-encrypt-to

Disable the use of all --encrypt-to and
--hidden-encrypt-to keys.

--group name=value1

Sets up a named group, which is similar to aliases in email programs.
Any time the group name is a recipient (-r or
--recipient), it will be expanded to the values
specified. Multiple groups with the same name are automatically merged
into a single group.

The values are key IDs or fingerprints, but any key description
is accepted. Note that a value with spaces in it will be treated as
two different values. Note also that there is only one level of
expansion: you cannot make a group that points to another group. When
used from the command line, it may be necessary to quote the argument
to this option to prevent the shell from treating it as multiple
arguments.

--ungroup name

Remove a given entry from the --group list.

--no-groups

Remove all entries from the --group list.
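
The --group, --ungroup and --no-groups rules above, modelled in Python as an added example (not GnuPG's code and not part of the manual): same-named groups merge, values split on whitespace, and expansion stops after one level, with a warning when a group member is itself a group name. The option-file fragment and key IDs are constructed placeholders, and exact-match comparison of group names is an assumption of this sketch.

```python
# Added example: a model of the --group rules described above, not GnuPG's code.
# Key IDs are constructed placeholders; exact-match group names are an assumption.
SAMPLE_CONF = """\
# constructed sample gpg.conf fragment
group ops=0xAAAAAAAAAAAAAAAA 0xBBBBBBBBBBBBBBBB
group ops=0xCCCCCCCCCCCCCCCC
group all=ops 0xDDDDDDDDDDDDDDDD
group team=Alice Example
group old=0xEEEEEEEEEEEEEEEE
ungroup old
"""

def load_groups(conf_text):
    """Return {group name: [values]} after applying group/ungroup/no-groups in order."""
    groups = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        option, _, arg = line.partition(" ")
        option = option.lstrip("-")          # accept "--group" as well as "group"
        if option == "no-groups":
            groups.clear()
        elif option == "ungroup":
            groups.pop(arg.strip(), None)
        elif option == "group" and "=" in arg:
            name, _, values = arg.partition("=")
            # Same-named groups merge; whitespace always separates values.
            groups.setdefault(name.strip(), []).extend(values.split())
    return groups

def expand_recipients(recipients, groups):
    """Expand each recipient one level only; return (keys, warnings)."""
    keys, warnings = [], []
    for rcpt in recipients:
        if rcpt not in groups:
            keys.append(rcpt)                # ordinary key description
            continue
        for value in groups[rcpt]:
            if value in groups:              # nested group: passed on unexpanded
                warnings.append(f"{rcpt}: member '{value}' names a group and is not expanded")
            keys.append(value)
    return keys, warnings

if __name__ == "__main__":
    groups = load_groups(SAMPLE_CONF)
    for name in ("ops", "all", "team"):
        print(name, *expand_recipients([name], groups))
```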

--local-user name

-u

Use name as the key to sign with. Note that this option overrides
--default-key.

--try-secret-key name

For hidden recipients GPG needs to know the keys to use for trial
decryption. The key set with --default-key is always tried
first, but this is often not sufficient. This option allows setting more
keys to be used for trial decryption. Although any valid user ID
specification may be used for name, it makes sense to use at least
the long key ID to avoid ambiguities. Note that gpg-agent might pop up a
pinentry for a lot of keys to do the trial decryption. If you want to stop
all further trial decryption you may use the close-window button instead
of the cancel button.

--try-all-secrets

Don’t look at the key ID as stored in the message but try all secret
keys in turn to find the right decryption key. This option forces the
behaviour as used by anonymous recipients (created by using
--throw-keyids or --hidden-recipient) and might come in
handy in cases where an encrypted message contains a bogus key ID.

--skip-hidden-recipients

--no-skip-hidden-recipients

During decryption skip all anonymous recipients. This option helps in
the case that people use the hidden recipients feature to hide their
own encrypt-to key from others. If you have many secret keys this
may lead to a major annoyance because all keys are tried in turn to
decrypt something which was not really intended for you. The drawback
of this option is that it is currently not possible to decrypt a
message which includes real anonymous recipients.